According to a recent report, the water treatment plant in Oldsmar, Florida that was recently targeted by hackers left their systems extremely vulnerable to infiltration. According to the Verge, the treatment plant shared a common password to access critical systems remotely.
Breitbart News recently reported that hackers managed to gain access to the water treatment plant of Oldsmar, Florida, and attempted to increase the amount of lye in the water to extremely dangerous levels. Plant operators quickly noticed the issue and fixed the systems before anyone was put in danger.
In a news conference this week, Pinnella County Sheriff Bob Gualtieri stated that on Friday morning a hacker gained access to a program intended to allow water treatment operators in Oldsmar to troubleshoot problems with the treatment systems. The program gives authorized users full remote access to the plant.
Now, the Verge reports that the water treatment plant itself left common remote control software on critical system computers and never even bothered to change the password.
According to an official cybersecurity advisory about the incident from the state of Massachusetts, the SCADA control system was accessed by the commercial remote desktop application TeamViewer, which is regularly used by IT professionals to remotely troubleshoot computer issues.
The report also states: “Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”
It appears that the water treatment plant failed entirely to issue individual passwords for software that could give anyone complete access to the computers running the entire water treatment system. Any person with the password could theoretically adjust the entire town’s water supply from anywhere in the world.
Christopher Krebs who previously served as the Director of the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security testified earlier today that it is “very likely” an insider or disgruntled employee was behind the recent hack.
Pinellas County Sheriff Bob Gualtieri also clarified that the water treatment plant had actually stopped using TeamViewer six months ago but chose to leave the software installed on critical systems.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com